From bfbd9cbdc79d0af254ee387ae840efe4702b2b3e Mon Sep 17 00:00:00 2001
From: Joe Robinson <joe@mumsnet.com>
Date: Mon, 21 Jul 2014 10:20:48 +0100
Subject: Check if user is an admin or added the poll to allow them to remove
 one

---
 poll.go | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

(limited to 'poll.go')

diff --git a/poll.go b/poll.go
index 9ca9aeb..803cf6c 100644
--- a/poll.go
+++ b/poll.go
@@ -1,9 +1,10 @@
 package main
 
 import "github.com/mxk/go-sqlite/sqlite3"
+import "fmt"
 
 type Poll struct {
-    id int
+    id int64
     title string
     userId int64
 }
@@ -60,7 +61,7 @@ func getPollFromTitle(db *sqlite3.Conn, title string) Poll {
     row := make(sqlite3.RowMap)
     
     for ; err == nil ; err = s.Next() {
-        var rowid int
+        var rowid int64
         s.Scan(&rowid, row)     // Assigns 1st column to rowid, the rest to row
 
         poll := Poll{id:rowid, title:row["title"].(string), userId:row["user_id"].(int64)}
@@ -80,7 +81,7 @@ func getPollFromId(db *sqlite3.Conn, id int) Poll {
     row := make(sqlite3.RowMap)
     
     for ; err == nil ; err = s.Next() {
-        var rowid int
+        var rowid int64
         s.Scan(&rowid, row)     // Assigns 1st column to rowid, the rest to row
 
         poll := Poll{id:rowid, title:row["title"].(string), userId:row["user_id"].(int64)}
@@ -92,16 +93,25 @@ func getPollFromId(db *sqlite3.Conn, id int) Poll {
 
 }
 
-func deletePoll(db *sqlite3.Conn, id int) error {
+func deletePoll(db *sqlite3.Conn, id int, nick string) error {
 
+    user := getUserForName(db, nick)
     poll := getPollFromId(db, id)
 
-    if (poll.id == 0) {
-        return nil
+
+    if (user.isAdmin || poll.userId == user.id) {
+        if (poll.id == 0) {
+            return nil
+        } else {
+            sql := "DELETE FROM polls WHERE id = $a"
+            args := sqlite3.NamedArgs{"$a": id}
+            db.Exec(sql, args)
+            return nil
+        }
     } else {
-        sql := "DELETE FROM polls WHERE id = $a"
-        args := sqlite3.NamedArgs{"$a": id}
-        db.Exec(sql, args)
+        fmt.Println("denied")
         return nil
     }
+
+
 }
\ No newline at end of file
-- 
cgit v1.2.3